Do trusts rely on PDCs?

pshepherd

IS-IT--Management
Mar 18, 2003
2
GB
Can somebody give me a definitive answer to whether a trust between domains relies upon the netlogon service on the PDC only?

We have a Windows NT domain and a Windows 2000 domain; there are two one-way trusts linking the domains, and these trusts have been set up using LMHOSTS files as recommended by Microsoft. WINS has not been installed in the Windows 2000 domain.

Some technical staff have come to me recommending that we remove the LMHOSTS files and set up WINS in the Windows 2000 domain as this will provide fault tolerance for the trust in the event that the PDC fails, i.e. if the PDC goes down for whatever reason, WINS will ensure that the trust is then automatically maintained between the Windows 2000 DCs and a BDC in the Windows NT domain.

I think that this is not the case and that if the PDC fails, the trust cannot be recovered without bringing the PDC back up or promoting a BDC to be the new PDC. However, I cannot find any Microsoft articles which state this explicitly.

Can anyone confirm whether the NT4 PDC is absolutely necessary for the functioning of the trust or point me towards a Microsoft article which will clarify the matter?

I would be very grateful for your help.

Many thanks

Paul
 
If you have BDCs in your domains, the trusts will continue to function. Remember - BDC has a complete copy of PDC's security database (given that synchronization has completed) and the sole purpose of a BDC is to keep the domain running even if the PDC is offline. The difference is - BDC's database is read-only, so you cannot change things unless you promote BDC to PDC, but whatever worked when PDC went down will continue working.

Good luck.
 
Paul,

A note for "some technical staff" :- WINS, although very useful, cannot keep anything running. WINS (Windows Internet Name Service) is, by definition, a service that maps NETBIOS names to IP addresses.

In your situation, all WINS would do is remove a reliance on the LMHOSTS file, and make it more flexible (no longer a static file that needs updating).

As BOKA correctly stated, a BDC will keep trusts working in the short term, so either make sure that the same LMHOSTS file is on all Domain Controllers, or install WINS.

Cheers,
Sam

 
Thanks for your help, guys.

You are right, the trust does keep running with only BDCs available; we just had to put multiple entries into the LMHOSTS file in the form:

10.X.X.1 SERVER00 #PRE #DOM:NTDOM
10.X.X.1 "NTDOM          \0x1b" #PRE
10.X.X.2 SERVER01 #PRE #DOM:NTDOM
10.X.X.2 "NTDOM          \0x1b" #PRE

We hadn't previously done that.
I am happy because we can keep WINS out of our lovely new Windows 2000 environment.

Cheers

Paul
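
A checker for the LMHOSTS form described in the last post, added here as an example and not code from the thread. It builds the two lines per domain controller and flags quoted special-name entries whose name part is not space-padded to exactly 15 characters, so that \0x1b is the 16th byte; the function names are hypothetical and the 10.0.0.x addresses are constructed samples.

```python
import re

# address, then a plain or double-quoted NetBIOS name, then the rest of the line
LINE = re.compile(r'^\s*(\S+)\s+("([^"]*)"|\S+)(.*)$')
# quoted name that ends in a \0xNN special 16th character
SPECIAL = re.compile(r'^(.*)\\0[xX]([0-9A-Fa-f]{2})$')

def dc_entries(ip, server, domain):
    """Build both lines for one DC, padding the domain name to 15 characters."""
    return [f'{ip} {server} #PRE #DOM:{domain}',
            f'{ip} "{domain:<15}\\0x1b" #PRE']

def check_lmhosts(text):
    """Return (line_number, problem) tuples for entries that will not resolve."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue  # blank line, comment or directive
        m = LINE.match(raw)
        if not m:
            problems.append((n, 'unparseable entry'))
            continue
        quoted, rest = m.group(3), m.group(4)
        keywords = {k.split(':')[0].upper()
                    for k in rest.split() if k.startswith('#')}
        if quoted is not None:
            s = SPECIAL.match(quoted)
            if s and len(s.group(1)) != 15:
                problems.append((n, f'name before \\0x{s.group(2)} is '
                                    f'{len(s.group(1))} chars, must be 15'))
        if '#DOM' in keywords and '#PRE' not in keywords:
            problems.append((n, '#DOM entry is not preloaded (#PRE missing)'))
    return problems

# Constructed sample: line 1 lacks #PRE, line 2 has lost its padding.
SAMPLE_BAD = ('10.0.0.1 SERVER00 #DOM:NTDOM\n'
              '10.0.0.1 "NTDOM \\0x1b" #PRE\n')

if __name__ == '__main__':
    for ip, server in (('10.0.0.1', 'SERVER00'), ('10.0.0.2', 'SERVER01')):
        print('\n'.join(dc_entries(ip, server, 'NTDOM')))
    for n, problem in check_lmhosts(SAMPLE_BAD):
        print(f'line {n}: {problem}')
```

Run it against the same file on every domain controller, since each one resolves the trusted domain from its own copy.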
 